Every action speaks one language.
identity.grant, data.read, sync.snapshot, calc.execute_rule. The same verb shape whether the target is Power BI, EPBCS, Looker, or the next platform you'll add. Cross-platform reports stop being a heroic effort.
Power BI, Tableau, Looker, MicroStrategy, Oracle EPBCS, SAP BPC — and the next category you'll add. One verb model, one audit trail, AI agents that actually edit. An Inbox that plugs into your existing ServiceNow / Jira / Slack instead of replacing it.
Each platform admits to OneAdmin via the access pattern that fits it — snapshot upload for closed systems, live connect where credentials work, native-studio embed for the ones that earn it. Adding a new platform is one catalog entry, not a new product.
Next: Cognos · SAP BW · IBM Planning Analytics · Anaplan · Snowflake governance · dbt project admin · …
Most admin tools collapse the whole stack into one layer and lock you in. OneAdmin keeps three layers cleanly split so a new platform slots in as configuration, not as a rewrite.
Where humans + agents meet. Same shell for every platform; per-platform UX is configuration, not a fork.
/systems /systems/:id/<platform>/workspace/:id/inbox/:requestId
One domain model that every platform speaks. The seam that makes 'one admin layer' real instead of aspirational.
POST /oneadmin/verbs/dispatch
GET /oneadmin/principals/
GET /oneadmin/audit/?since=…
The platform-specific work lives here. Each adapter is replaceable; the L2 contract stays put.
reporting-backend · epbcs-agent · …
kg-service · /powerbi/<id>/tables
POST /verbs/dispatch → adapter
An EPBCS adapter we ship today and the Anaplan adapter you build next year share the same L1 + L2. The user sees no seam.
Your ServiceNow / Jira / Slack stays the source of truth for business approval. OneAdmin holds the link, the technical approval, and the audit — not your process.
Each verb has a Trust Ladder step. Read-only by default. Agents earn execution rights one rung at a time per tenant policy.
An external request lands (ServiceNow, Jira, Slack, email). OneAdmin intercepts, drafts the technical implementation, surfaces it in the Inbox with a dry-run, links back to the original ticket. Business approval stays where it lives. Technical approval gets a signed receipt.
Every edit — agent or human — lands as an AuditLog row with the verb, the actor, the delegation chain, and a link to the chat that produced it. Cross-platform queries that used to take a week now answer in seconds.
Snapshot before publish. Diff any two versions. Restore in one click. Works the same for a Power BI dataset, an EPBCS application, a LookML project — because the verb model is the same.
New planner joining? 'Give Bob the same access as Alice across EPBCS, Power BI, and Looker.' Agent computes the diff, drafts the verbs, you approve in the Inbox, the executors apply.
Every verb call → immutable AuditLog event. Tenant-scoped. License-gated. SOC2 / ISO27001 export on demand — one signed JSONL file covering every system, no per-platform reconciliation.
Point OneAdmin at a Power BI tenant, an EPBCS pod, a Looker instance. Pick the access pattern — snapshot, connect, or native-studio. Ingest the inventory into the knowledge graph.
POST /systems { vendor: 'oracle.epbcs', access: 'native' }
Tables, measures, business rules, security filters, member dimensions, LookML views — queryable through Studio or the platform's admin agent. Same shell, per-platform tools.
agent: list_objects · diff_versions · who_has_access
ServiceNow ticket, Jira issue, Slack message, plain email. OneAdmin parses the intent, drafts the technical implementation as verbs, links back to the source. Business approval stays where it already lives.
POST /oneadmin/inbox/webhook { source: 'servicenow', ref: 'RITM…' }
The Inbox shows the drafted verbs, the dry-run, the platforms touched, the expiry. One human signs off on the implementation. The original ticket gets a structured receipt.
POST /oneadmin/inbox/:id/approve { decided_by: 'sec@…' }
L2 routes each verb to its per-platform executor. AuditLog rows land with user · verb · platform · external_request_ref · delegation chain. Reversible by default; restorable from snapshot.
POST /oneadmin/verbs/dispatch → adapter → AuditLog
Most "agentic" tools expect you to trust the AI on day one. We don't. OneAdmin agents start read-only and climb the ladder as your team learns to trust each action class.
Agent answers questions from snapshots. Zero risk. Day-one CISO sign-off.
Agent drafts changes. Nothing leaves draft state without an explicit human click.
Read-side activities (search, traceability, diff) run without approval — they don't mutate.
Write activities go through one explicit approval. Agent stages, human signs, system applies.
For low-risk, high-frequency actions, policy rules let the agent execute directly with audit + alert.
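The ladder above can be read as an authorization gate in front of verb dispatch that writes an audit row for every outcome. The Python below is an added example, not OneAdmin code: the rung names, the read/write classification of the verbs, the outcome strings and the audit row fields are assumptions made for illustration.

```python
from enum import IntEnum

class Rung(IntEnum):
    """Assumed names; the page describes five steps but does not name them."""
    SNAPSHOT_QA = 1     # agent answers from snapshots only
    DRAFT = 2           # agent may draft changes
    LIVE_READ = 3       # read-side activities run without approval
    APPROVED_WRITE = 4  # writes need one explicit approval
    POLICY_AUTO = 5     # tenant policy may auto-execute listed verbs

# Assumed classification of the page's verbs. Anything not listed here
# is treated as mutating, so an unknown verb fails closed.
NON_MUTATING = {"data.read", "sync.snapshot"}

def decide(verb, rung, approved_by=None, auto_allow=frozenset()):
    """Return what an agent may do with `verb` at the tenant's current rung."""
    if verb in NON_MUTATING:
        return "execute" if rung >= Rung.LIVE_READ else "answer_from_snapshot"
    if rung < Rung.DRAFT:
        return "deny"
    if rung < Rung.APPROVED_WRITE:
        return "draft"
    if rung >= Rung.POLICY_AUTO and verb in auto_allow:
        return "execute_with_alert"
    return "execute" if approved_by else "await_approval"

def dispatch(audit, actor, verb, rung, **kw):
    """Gate one verb call; every outcome, including a denial, gets an audit row."""
    outcome = decide(verb, rung, **kw)
    audit.append({"actor": actor, "verb": verb, "rung": int(rung),
                  "approved_by": kw.get("approved_by"), "outcome": outcome})
    return outcome

def demo():
    """Constructed calls walking one agent up the ladder."""
    audit, a, auto = [], "agent:epbcs", {"calc.execute_rule"}
    results = [
        dispatch(audit, a, "data.read", Rung.SNAPSHOT_QA),
        dispatch(audit, a, "identity.grant", Rung.SNAPSHOT_QA),
        dispatch(audit, a, "identity.grant", Rung.DRAFT),
        dispatch(audit, a, "identity.grant", Rung.APPROVED_WRITE),
        dispatch(audit, a, "identity.grant", Rung.APPROVED_WRITE,
                 approved_by="sec@example.test"),
        dispatch(audit, a, "calc.execute_rule", Rung.POLICY_AUTO, auto_allow=auto),
        dispatch(audit, a, "identity.grant", Rung.POLICY_AUTO, auto_allow=auto),
    ]
    return results, audit
```

Two properties worth checking in any such gate: a verb missing from the read list is handled as a write, and a verb outside the tenant's auto-execute list still waits for a human even on the top rung.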
Dashboard authors and finance planners get the glory. You get the pager. OneAdmin is built for the admin tier across BI, EPM, and the categories coming next — and gives you tools the dashboard layer never thought to build.
You're the one paged at 11pm because a refresh failed and nobody knows why. Five vendor consoles open at once.
One Studio. Every refresh, edit, grant — timestamped, attributed, restorable. Same shell whether it's Power BI, Tableau, or Looker.
Quarter close. Five planners want different things. Calc Manager rules referencing members nobody can remember adding.
'Which rules reference NA_Sales?' → answer in 4 seconds, with the chat thread that produced each rule. Snapshot before push.
SOC2 audit. 'Show me every privileged action across BI and EPM in Q2.' You spend two weeks pulling logs from five systems.
audit.export() — one signed file, every system, every verb, every user, every external_request_ref. Tenant-scoped by default.
Migration from on-prem to cloud, multiple vendors in flight, no single source of 'who has access to what, where.'
Universal verb model + Workspace gives you the platform-agnostic inventory + access layer you've been hand-rolling in spreadsheets.
Half your ServiceNow tickets are 'grant access' or 'change a rule' that take a week to land — because the request and the implementation live in two different worlds.
Inbox intercepts the ticket, drafts the verbs, links the technical approval back to the ITSM record. Same ticket, drastically shorter cycle.
You're rolling out new tenants weekly. Every one needs the same baseline access + dashboards + planning rules — done by hand, each time.
Replication verbs mirror a known-good tenant. Trust Ladder controls how much the agent can do on its own per customer.
20 minutes. Pick a platform — Power BI, EPBCS, Looker, Tableau, MicroStrategy, BPC. We'll admit it, intercept a real request from your ServiceNow or Jira, draft the verbs, and show you the audit row your security team will want by next week.